In this Salesforce Identity and Access Management Architect training, our Architect experts will present you with a case study scenario that will be broken down and digested through iterative exploration. Learn how to design and build secure, scalable, and high-performing integration and identity solutions through a combination of lecture, demos, hands-on exercises, and workshop presentations and discussions. Our industry-experienced accredited trainers cover all the relevant aspects while providing guidance for System Architect, Identity & Access Management Architect, and Integration Architect credentials.

Course Objectives:

In this course, you will learn to:

• Understand the difference between federated and delegated single sign-on (SSO).
• Gather requirements and configure delegated authentication in Salesforce.
• Gather requirements and configure SAML in Salesforce.
• Know the difference between Identity Provider (IdP) Initiated SAML and Service Provider (SP) Initiated SAML and when to use each.
• Know how trust is established between an IdP and an SP.
• Determine the general identity federation capabilities available for a given project.
• Explain high-level concepts and flows of OAuth, SAML, and OpenID Connect.
• Explain social sign-on in the context of Salesforce.
• Explain authentication mechanisms for Communities.
• Identify the cause and resolve common failure conditions for SSO in Salesforce.
• Explain why a solid SSO strategy is important for enterprise security.
• Know why two-factor authentication (2FA) is important and strategies for implementing it in Salesforce.
• Explain the use of login flows.
• Determine the applicable use cases for Identity Connect.
• Determine appropriate user lifecycle management techniques (automated user provisioning, just-in-time provisioning, manual account creation, etc.) for a given project.

Course content

Identity Management Concepts

• Describe common authentication patterns and understand the differences between each one.
• Describe the building blocks that are part of an identity solution (authentication, authorization, and accountability) and how you enable those building blocks using Salesforce features.
• Describe how trust is established between two systems.
• Given a scenario, recommend the appropriate method for provisioning users in Salesforce.
• Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on (SSO) solution (SAML, OAuth, etc.).

Accepting Third-Party Identity in Salesforce

• Given a use case, describe when Salesforce is used as a Service Provider (SP).
• Given a scenario, recommend the most appropriate way to provision users from identity stores in business-to-employer (B2E) and business-to-consumer (B2C) scenarios.
• Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept third-party Identity (Enterprise Directory, Social, Community, etc.).
• Given a scenario, identify the ways to provision users in Salesforce to enable SSO and apply access rights.
• Given a scenario, identify the auditing and monitoring approaches available on the platform, and describe the tools available to diagnose Identity Provider (IdP) issues.

Salesforce as an Identity Provider

• Given a scenario, identify the most appropriate OAuth flow (Web-based, JWT, User agent, Device auth flow).
• Given a scenario, recommend appropriate Scope and Configuration of the Connected App for Authorization.
• Describe the various implementation concepts of OAuth (scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
• Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).

Access Management Best Practices

• Given a set of requirements, determine the most appropriate methods of multi-factor authentication (MFA) to use, and the right type of session they should yield.
• Given a scenario, determine how to best assign roles, profiles, and permission sets to a user during the SSO process, how to keep these assignments up to date.
• Given a scenario, describe which tools you can apply to audit and verify the activity/user during and after login.
• Given a scenario, identify the configuration settings for a Connected App.

Salesforce Identity

• Given a set of requirements, identify the role Identity Connect plays in a Salesforce Identity implementation.
• Given a scenario, identify if Salesforce Customer 360 Identity fits into a fully-developed Customer 360 solution.
• Give a set of requirements, recommend the most appropriate Salesforce license type(s).

Community (Partner and Customer)

• Describe the capabilities for customizing the user experience for Experience Cloud (Branding options, authentication options, identity verification self-registration, communications, password reset, etc.).
• Given a set of requirements, determine the best way to support external IdPs in communities and leverage the right user/contact model to support community user experience.
• Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses.
• Given a scenario, determine when to use embedded login.

To see the full course content Download now